[Linux] what does that look like?

Aaron Wolfe linux@flux.org
Mon, 18 Jun 2007 14:43:19 -0400 

That's just what bittorrent looks like.  Nothing to be alarmed about.
If you notice, it is your own computer generating the traffic.  So yes,
"someone" is using your laptop to send that traffic.. it's you :)

-Aaron
=20

-----Original Message-----
From: linux-admin@flux.org [mailto:linux-admin@flux.org] On Behalf Of
Terry Richards
Sent: Monday, June 18, 2007 12:50 AM
To: linux@flux.org
Subject: [Linux] what does that look like?


>>
>> :-)^2
>>
>>
> this is just too weird. it is the laptop that looses the connection on

> the lan. around 8-8:30 pm every sunday. the router seems to be fine.
> there is a connection after rebooting and i can get email - once. .=20
> .then i start bittorrent and it starts doing its' thing. then i hit=20
> get mail on thunderbird and the connection slowly peters out and dies.

> reboot and it works.
>
>
ah-ha,

Jun 17 22:24:55 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN=20
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}=20
192.168.0.102:49163 -> 89.190.210.92:56565
Jun 17 22:24:57 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN=20
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}=20
192.168.0.102:49165 -> 82.10.212.114:57003
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN=20
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}=20
192.168.0.102:49169 -> 201.160.64.166:16649
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN=20
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}=20
192.168.0.102:49175 -> 66.169.48.45:6881
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN=20
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}=20
192.168.0.102:49176 -> 83.86.228.64:65308
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN=20
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}=20
192.168.0.102:49181 -> 72.130.179.91:17433
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN=20
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}=20
192.168.0.102:49190 -> 71.80.181.76:6881
Jun 17 22:25:30 terry-richards-powerbook-g4 snort: [1:485:4] ICMP=20
Destination Unreachable Communication Administratively Prohibited=20
[Classification: Misc activity] [Priority: 3]: {ICMP} 88.64.184.71 ->=20
192.168.0.102
Jun 17 22:25:31 terry-richards-powerbook-g4 snort: (spp_arpspoof)=20
Unicast ARP request
Jun 17 22:26:17 terry-richards-powerbook-g4 snort: (spp_arpspoof)=20
Unicast ARP request
Jun 17 22:27:03 terry-richards-powerbook-g4 snort: (spp_arpspoof)=20
Unicast ARP request
Jun 17 22:27:49 terry-richards-powerbook-g4 snort: (spp_arpspoof)=20
Unicast ARP request
Jun 17 22:28:35 terry-richards-powerbook-g4 snort: (spp_arpspoof)=20
Unicast ARP request

does this mean someone is using my laptop to send something to all those

IPs  ??? maybe feeding info from {ICMP} 88.64.184.71 -> 192.168.0.102

> /|\
>

_______________________________________________
Linux mailing list
Linux@flux.org
http://www.flux.org/mailman/listinfo/linux